The end of vulnerabilities. Alternating between Python and Ruby; R&D, Consulting, and Ops; Linux and BSD. Moving from Austin to Skokie to Baltimore. Adoptive to Bio. Republican to Democrat, and other Things Done Backwards

Wednesday, November 19, 2008

Literally Marinating in Vulnerabilities

Gunnar Peterson has an interesting blog which reflects his "asset focus", which I think is on target.

Why does a talk on finding and fixing vulnerabilities start with valuing assets? The reason is that vulnerabilities are everywhere; we are literally marinating in them. Interesting vulnerabilities are attached to high value assets. In a world that quite literally presents us with too much information, we need screens to sift out what is worth paying attention to. You can run your vulnerability assessment tool of choice on your system, and come back with hundreds or thousands of vulnerabilities, but which ones should you pay attention to and act on? The first part of answering this question is asset value.